Add support for multiple datalink interfaces

.github/workflows/cppcheck.yml

@@ -1,5 +1,4 @@
-Name: CppCheck code linter
-
+name: CppCheck code linter
 
 on:
   push:
@@ -9,16 +8,17 @@ on:
 
 jobs:
   linter:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: true
 
       - name: Update repo
         run: |
           sudo apt-get update
+          sudo apt install -y cppcheck
 
       - name: Run cppcheck
         run: |

.github/workflows/linux.yml

@@ -1,5 +1,4 @@
-Name: Linux interop tests
-
+name: Linux interop tests
 
 on:
   push:
@@ -8,26 +7,40 @@ on:
     branches: [ '*' ]
 
 jobs:
-  unit_test:
-    runs-on: ubuntu-22.04
+  linux_test:
+    runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: true
 
       - name: Update repo
         run: |
           sudo apt-get update
+          sudo apt-get install -y libwolfssl-dev
           sudo modprobe tun
 
       - name: Build linux tests
         run: |
           mkdir -p build/port
           make
 
-#      - name: Run interop tests
-#        run: |
-#          sudo build/test
-#
-#
+      - name: Run standalone "event loop" test
+        run: |
+          sudo ./build/test-evloop
+          sudo killall tcpdump || true
+
+      - name: Run standalone wolfssl test
+        run: |
+          sudo ./build/test-wolfssl
+          sudo killall tcpdump || true
+
+      - name: Run standalone forwarding test
+        run: |
+          sudo ./build/test-wolfssl-forwarding
+
+      - name: Run standalone TTL expired test
+        run: |
+          ./build/test-ttl-expired
+

.github/workflows/units.yml

@@ -1,5 +1,4 @@
-Name: Unit Tests
-
+name: Unit Tests
 
 on:
   push:
@@ -9,10 +8,10 @@ on:
 
 jobs:
   unit_test:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: true
 

Makefile

@@ -1,26 +1,31 @@
 CC?=gcc
 CFLAGS:=-Wall -Werror -Wextra -I. -D_GNU_SOURCE
-CFLAGS+=-g -ggdb
+CFLAGS+=-g -ggdb -Wdeclaration-after-statement
 LDFLAGS+=-pthread
 
 CPPCHECK=cppcheck
-CPPCHECK_FLAGS=--enable=all --suppress=missingIncludeSystem \
+CPPCHECK_FLAGS=--enable=warning,performance,portability,missingInclude \
+			   --suppress=missingIncludeSystem \
+			   -i src/test \
 			   --suppress=unusedFunction --suppress=unusedVariable \
 			   --suppress=missingInclude --suppress=variableScope \
 			   --suppress=constVariable --suppress=constVariablePointer \
 			   --suppress=constParameterPointer \
 			   --suppress=constParameterCallback \
 			   --suppress=toomanyconfigs \
 			   --suppress=unmatchedSuppression --inconclusive \
+			   --disable=style \
 			   --std=c99 --language=c \
 			   --platform=unix64 \
+			   --check-level=exhaustive \
 			   --error-exitcode=1 --xml --xml-version=2
 
 OBJ=build/wolfip.o \
 	build/port/posix/linux_tap.o
 
 EXE=build/tcpecho build/tcp_netcat_poll build/tcp_netcat_select \
-	build/test-evloop build/test-dns
+	build/test-evloop build/test-dns build/test-wolfssl-forwarding \
+	build/test-ttl-expired build/test-wolfssl
 LIB=libwolfip.so
 
 PREFIX=/usr/local
@@ -80,12 +85,29 @@ build/tcp_netcat_select: $(OBJ) build/port/posix/bsd_socket.o build/test/tcp_net
 
 build/test-wolfssl:CFLAGS+=-Wno-cpp -DWOLFSSL_DEBUG -DWOLFSSL_WOLFIP
 build/test-httpd:CFLAGS+=-Wno-cpp -DWOLFSSL_DEBUG -DWOLFSSL_WOLFIP -Isrc/http
+build/test-wolfssl-forwarding:CFLAGS+=-Wno-cpp -DWOLFSSL_DEBUG -DWOLFSSL_WOLFIP -DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1
 
 
 build/test-wolfssl: $(OBJ) build/test/test_native_wolfssl.o build/port/wolfssl_io.o build/certs/server_key.o build/certs/ca_cert.o build/certs/server_cert.o
 	@echo "[LD] $@"
 	@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -Wl,--start-group $(^) -lwolfssl -Wl,--end-group
 
+build/test-wolfssl-forwarding: build/test/test_wolfssl_forwarding.o build/test/wolfip_forwarding.o build/port/posix/linux_tap.o build/port/wolfssl_io.o build/certs/server_key.o build/certs/ca_cert.o build/certs/server_cert.o
+	@echo "[LD] $@"
+	@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -Wl,--start-group $(^) -lwolfssl -Wl,--end-group
+
+build/test/test_wolfssl_forwarding.o: CFLAGS+=-DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1
+
+build/test/wolfip_forwarding.o: src/wolfip.c
+	@mkdir -p `dirname $@` || true
+	@echo "[CC] $< (forwarding)"
+	@$(CC) $(CFLAGS) -DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1 -c $< -o $@
+
+build/test/test_ttl_expired.o: CFLAGS+=-DWOLFIP_MAX_INTERFACES=2 -DWOLFIP_ENABLE_FORWARDING=1
+build/test-ttl-expired: build/test/test_ttl_expired.o build/test/wolfip_forwarding.o
+	@echo "[LD] $@"
+	@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -Wl,--start-group $(^) -Wl,--end-group
+
 build/test-httpd: $(OBJ) build/test/test_httpd.o build/port/wolfssl_io.o build/certs/server_key.o build/certs/server_cert.o build/http/httpd.o
 	@echo "[LD] $@"
 	@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -Wl,--start-group $(^) -lwolfssl -Wl,--end-group

config.h

@@ -6,11 +6,27 @@
 
 #define MAX_TCPSOCKETS 4
 #define MAX_UDPSOCKETS 2
-#define RXBUF_SIZE LINK_MTU * 4
-#define TXBUF_SIZE LINK_MTU * 4
+#define RXBUF_SIZE LINK_MTU * 16
+#define TXBUF_SIZE LINK_MTU * 16
 
 #define MAX_NEIGHBORS 16
 
+#ifndef WOLFIP_MAX_INTERFACES
+#define WOLFIP_MAX_INTERFACES 2
+#endif
+
+#ifndef WOLFIP_ENABLE_FORWARDING
+#define WOLFIP_ENABLE_FORWARDING 0
+#endif
+
+#ifndef WOLFIP_ENABLE_LOOPBACK
+#define WOLFIP_ENABLE_LOOPBACK 0
+#endif
+
+#if WOLFIP_ENABLE_LOOPBACK && WOLFIP_MAX_INTERFACES < 2
+#error "WOLFIP_ENABLE_LOOPBACK requires WOLFIP_MAX_INTERFACES > 1"
+#endif
+
 /* Linux test configuration */
 #define WOLFIP_IP "10.10.10.2"
 #define LINUX_IP "10.10.10.1"

docs/API.md

@@ -23,23 +23,32 @@ wolfIP is a minimal TCP/IP stack designed for resource-constrained embedded syst
 
 ### Device Driver Interface
 ```c
-struct ll {
+struct wolfIP_ll_dev {
     uint8_t mac[6];          // Device MAC address
     char ifname[16];         // Interface name
-    int (*poll)(struct ll *ll, void *buf, uint32_t len);  // Receive function
-    int (*send)(struct ll *ll, void *buf, uint32_t len);  // Transmit function
+    int (*poll)(struct wolfIP_ll_dev *ll, void *buf, uint32_t len);  // Receive function
+    int (*send)(struct wolfIP_ll_dev *ll, void *buf, uint32_t len);  // Transmit function
 };
 ```
+wolfIP maintains an array of these descriptors sized by `WOLFIP_MAX_INTERFACES` (default `1`). Call `wolfIP_getdev_ex()` to access a specific slot; the legacy `wolfIP_getdev()` helper targets the first hardware slot (index `0` normally, or `1` when the optional loopback interface is enabled).
 
 ### IP Configuration
 ```c
 struct ipconf {
-    struct ll *ll;           // Link layer device
+    struct wolfIP_ll_dev *ll;           // Link layer device
     ip4 ip;                  // IPv4 address
     ip4 mask;                // Subnet mask
     ip4 gw;                  // Default gateway
 };
 ```
+Each `struct wolfIP` instance owns `WOLFIP_MAX_INTERFACES` `ipconf` entries—one per link-layer slot. Use the `_ex` helpers to read or update a specific interface; the legacy accessors operate on the first hardware interface (index `0` unless loopback support is compiled in).
+
+If `WOLFIP_ENABLE_FORWARDING` is set to `1` at compile time, the stack performs simple IPv4 forwarding between interfaces. Packets received on one interface whose destinations match another configured interface are re-sent with the IP TTL decreased by one (or an ICMP TTL-exceeded response if the TTL would drop to zero).
+
+Enabling `WOLFIP_ENABLE_LOOPBACK` (requires `WOLFIP_MAX_INTERFACES > 1`) creates an internal loopback
+device at index `0` with the fixed address `127.0.0.1/8`. Traffic sent to that address is reflected back
+through the stack so local sockets, pings, and other services behave as they would on a standard
+loopback interface; the first hardware interface then shifts to index `1` for legacy helpers.
 
 ### Socket Address Structures
 ```c
@@ -151,6 +160,11 @@ Initializes a static wolfIP instance.
 - Parameters:
   - s: Pointer to wolfIP instance pointer
 
+```c
+size_t wolfIP_instance_size(void);
+```
+Returns the size (in bytes) required to store a `struct wolfIP`. Use this when allocating stacks from custom memory managers.
+
 ```c
 int wolfIP_poll(struct wolfIP *s, uint64_t now);
 ```
@@ -160,6 +174,12 @@ Processes pending network events.
   - now: Current timestamp
 - Returns: Number of events processed
 
+```c
+void wolfIP_recv(struct wolfIP *s, void *buf, uint32_t len);
+void wolfIP_recv_ex(struct wolfIP *s, unsigned int if_idx, void *buf, uint32_t len);
+```
+Pass inbound frames to the stack. `_ex` allows the caller to specify which interface slot produced the frame.
+
 ```c
 void wolfIP_ipconfig_set(struct wolfIP *s, ip4 ip, ip4 mask, ip4 gw);
 void wolfIP_ipconfig_get(struct wolfIP *s, ip4 *ip, ip4 *mask, ip4 *gw);
@@ -171,6 +191,18 @@ Set/get IP configuration.
   - mask: Subnet mask
   - gw: Default gateway
 
+```c
+void wolfIP_ipconfig_set_ex(struct wolfIP *s, unsigned int if_idx, ip4 ip, ip4 mask, ip4 gw);
+void wolfIP_ipconfig_get_ex(struct wolfIP *s, unsigned int if_idx, ip4 *ip, ip4 *mask, ip4 *gw);
+```
+Per-interface versions of the IP configuration helpers. The legacy functions target interface `0`.
+
+```c
+struct wolfIP_ll_dev *wolfIP_getdev(struct wolfIP *s);
+struct wolfIP_ll_dev *wolfIP_getdev_ex(struct wolfIP *s, unsigned int if_idx);
+```
+Access the link-layer descriptor(s) that should be wired to hardware drivers. `_ex` returns `NULL` if `if_idx` exceeds `WOLFIP_MAX_INTERFACES`.
+
 ## DHCP Client Functions
 
 ```c